Technical Tip: Configure Radius Authentication whi...

hgarara · 01-26-2025

Description This article describes how to resolve the error 'Change state pending timer expired' while FortiAP is showing offline. Scope FortiAP, FortiGate. Solution When FortiAP shows offline verify the reason for failure using the below command: TE...

hgarara · 10-07-2024

Description This article describes configuration about policy-based IPsec tunnel with FortiGate's GUI where both sides have static IP. Scope FortiGate. Solution Steps to configure policy-based IPsec tunnel: Configure FotiGate1. Step 1:Enable 'Policy ...

hgarara · 08-12-2024

Description This article describes why radius user bypasses 2FA while connecting to SSL VPN. Scope FortiGate. Solution Note: username-case-sensitive is enabled under the Radius server configuration (i.e. config user radius). config user radius edit "...

hgarara · 08-01-2024

Description This article describes the difference between 'set weight' under BGP neighbor, and 'set set-weight' under BGP route-map. Scope FortiGate. Solution Using the weight parameter under the route map gives the granular control over each route f...

hgarara · 01-04-2024

Description This article describes how to use namespace while configuring SAML between Azure(Idp) and Fortigate(SP) Scope FortGate. Solution In some cases, namespaces are configured by default for username and group claims on Azure for SAML configura...

hgarara · 10-04-2024

Hello @jaypat, Confirm if generating host key from sshkeygen looks like the format below(example): ssh-rsa AAAAAAAAAAAAhaslkdjalkdsmx;asmscx;la,x;l,alsx,a asdiohjfwidpokpco,zx;kcjmascpkas;xka;lkx;lakx;laksp - Try to copy the whole text paste it to no...

hgarara · 08-21-2024

Hello @james_hull, I understand your concern, instead of adding malicious IPs manually, you can make this process dynamic. Please refer to this article which will certainly block the ip address if there is an invalid user connection attempt being mad...

hgarara · 08-01-2024

Hello @Mirza_Asad2723, Can you please share the firmware version of fortigate and how is the policy being set up? Thank you, Hemil

hgarara · 07-24-2024

Hello @Marcos_FDS1012,Regardless if its a different VPN's DNS taking over your local DNS due to which you are facing issues with FSSO. They should be capable of using split DNS. If its not the case. Please elaborate the issue in detailed manner. Than...

hgarara · 07-24-2024

Hello @Marcos_FDS1012, Based on you description, it seems like you would like to prioritize machine's DNS over VPN? Please try using split DNS under vpn configuration. Split DNS for SSL VPN portals allows to specify which domains are resolved by the ...

User Statistics

User Activity

Troubleshooting Tip: FortiAP offline due to the 'Change state pending timer expired' error

Technical Tip: How to configure policy-based IPsec VPN Tunnel

Technical Tip: Radius user bypass 2FA when connecting to SSL VPN

Technical Tip: Difference between BGP neighbor/Route map weight parameter

Technical Tip: Namespace configuration on Azure SAML with FortiGate

Re: Setting override ssh host key on FortiGate

Re: Bot Hammering Our SSL-VPN. Using Spoofed US IPs.

Re: The 'malicious website' category is 'blocked' but still opening

Re: Error connecting to a VPN takes down Fortinet Single Sing On Agent Configuration

Re: Error connecting to a VPN takes down Fortinet Single Sing On Agent Configuration

Technical Tip: Configure Radius Authentication whi...

Technical Tip: Namespace configuration on Azure SA...

Re: Sdwan rules page shows nothing

Re: Bot Hammering Our SSL-VPN. Using Spoofed US I...

Troubleshooting Tip: Check SoftIrq increments (rec...

Re: WAN1 Not Available for SD-WAN

KCS

User Statistics

User Activity

You are leaving our website